In an era defined by electronics connections, our personal lives get caught in the free flow of data. Here's what happens when the erosion of privacy hits home.

It's August 2011 in eastern Pennsylvania, and the plea comes not from a traditional phone call, but rather AT&T's Internet Relay Service, which allows the deaf to make phone calls from a text-based interface over the Internet. The grisly scene is unfolding in East Allen Township, re sponders are told, and an address appears on their computer screens. The caller says he's 10 years old. "I'm [hiding] in the bathroom now," he says. "Help me, please—I'm going to die!"

Moments later, four police cruisers race through the streets of a middle-class enclave, sirens wailing, and pull up onto the lawn of the Yagerhofer residence.

Inside, Lisa Yagerhofer gets up from the dinner table she's sharing with her husband, James, and 16-year-old son, Tyler. She opens the front door to find a Pennsylvania State Trooper yelling, "Get out now!"

"What is going on?" Lisa stammers. "What is this all about?"

The answer, they would all soon learn: a game that Tyler had played hours earlier on his Xbox 360. He'd had a squabble with another player during online play, which triggered a terrifying modern- day prank. Tyler's irked opponent had jacked into his Xbox Live profile, which contains billing address info, then called the police through a Philadelphia-based Internet Relay Service to hide his location. "There were state cops at my house," Tyler says. "They pointeda gun at my face."

Advertisement - Continue Reading Below

The worst part of the prank is that it is surprisingly common. The sick joke, known as swatting, takes advantage of the 911 system by painting the scene of an unfolding crime so heinous that local police forces often unleash the full might of their paramilitary units upon an unsuspecting household. It has occurred hundreds of times over the past decade, costing taxpayers up to $10,000 each time the cavalry rolls in. It has apparently been used to settle political scores—conservative bloggers Patrick Frey of Patterico's Pontifications and Erick Erickson of RedState allege that left-wing activists are behind recent swattings of their homes—and to badger celebrities, including Ashton Kutcher and Justin Bieber. It is a minor miracle no one has been shot during these emergency responses—though two victims have reportedly suffered heart attacks from the shock of having had their front doors suddenly knocked off the hinges.

Surveillance State: Who's Spying on You?

>

Advertisement - Continue Reading Below

That is the moment a nebulous threat to privacy becomes a concrete instance of harm. Our personal lives have increasingly become public information: Each day people enthusiastically post 400 million tweets and upload 300 million new photos to Facebook. Americans are routinely tracked through smartphone apps and instantly background-checked through surveillance cameras. We each leave a treasure trove of per sonal information in places that are surprisingly accessible—such as Tyler Yagerhofer's Xbox Live profile—and so widespread that it's impossible to keep track of it, much less secure it all.

This slow and steady degradation of personal privacy has become so pervasive that many citizens are inured to it. But when personal data suddenly falls into the hands of those willing to abuse it, victims get a chilling reminder of how exposed the free flow of that information has left them. So much of our information gets collected, traded, and aggregated that it's not difficult for a shady company, corner-cutting law enforcement officer, or snickering online troll with a twisted sense of humor to find out where we live, how we spend our time, and whom we care about, then wreak havoc.

Kimberly Mitchell of the Crimes Against Children Research Center at the University of New Hampshire has studied the way kids use the Internet, and she says that there is considerable debate about whether people are genuinely nastier to each other online or if the Web simply provides a larger forum for bad behavior. "The sheer amount of people on the Internet is the unique characteristic here," she says. "You get access to people that you wouldn't otherwise encounter."

Advertisement - Continue Reading Below

Advertisement - Continue Reading Below

Vicious behavior may not be more common online than off, but the Internet has the potential to amplify abuse. According to a 2011 study of teenagers by the Pew Research Center's Internet & American Life Project, 15 percent of teenagers said someone had been cruel to them on social networks in the previous year. The same poll found that when teens witnessed mean behavior to others online, 21 percent of them admitted to occasionally joining in. Many of the stories of youthful cruelty are well-known—such as the case of Tyler Clementi, the Rutgers University freshman who jumped to his death from the George Washington Bridge in 2010 after his roommate used his computer to capture video of him kissing an older man—but adults can become victims just as easily.

The stories get horrible in a hurry. In 2006, days after the daughter of an Orange County, Calif., man was killed in a car crash, he was emailed photos of her corpse taken at the scene of the accident with the message, "Woohoo Daddy! Hey Daddy, I'm still alive." Last year, a Houston man was arrested for online impersonation after creating profiles for his ex-girlfriend on a prisoner pen pal site. Also in 2012, Leo Traynor, a blogger in Ireland, wrote about how he was tormented for three years by anonymous anti-Semitic emails and Twitter direct messages to both him and his wife—his abuser even mailed a container of ashes to his doorstep with a note that said, "Say hello to your relatives from Auschwitz." He ultimately discovered the source of the harassment —his neighbor's 17-year-old son. Traynor confronted the boy and asked him why he had done it. The teen answered blankly, "I don't know. I'm sorry. It was like a game thing."

The Internet's avenue for adolescent nastiness can lead to unpredictable and dramatic invasions of personal privacy, but it is the institutional and governmental intrusions into our lives that are, arguably, more unsettling. If you live in Minneapolis, New York City, San Francisco, or many other cities in the United States and you drove to work today, the license plate of your vehicle was very likely scanned by an automatic license plate recognition (ALPR) device, logged into a database, and checked against police records of stolen cars and wanted criminals. "ALPRs tag each photo with the time, date, and GPS location of the photograph," says Allie Bohm, a privacy advocate at the American Civil Liberties Union. "[The police] collect information not just about people suspected of crimes, but everyone in the camera's field of view. And they're storing all the data they collect—sometimes for years, sometimes pooling it in state and regional databases. These systems are popping up everywhere in America; if the pace continues, they will be on every single corner a decade from now, and it will be the equivalent of monitoring every vehicle on the road with a GPS tracker."

These tools have obvious benefits—stolen cars can now be found with ease, and ALPRs have helped find missing persons and catch fugitives—but they have also swiftly slipped beyond the bounds of basic law enforcement. In 2012 the privacy advocacy group Electronic Privacy Information Center (EPIC) discovered that U.S. Customs and Border Protection had shared license plate data collected on millions of vehicles at the Mexican and Canadian borders with insurance companies. Many police departments make their license plate reader databases available to the general public, opening up the possibility that private citizens could track each other's travels with almost no oversight. This is already being exploited by automotive repo agents who use police data bases (and sometimes their own ALPRs) to track and seize the vehicles of delinquent clients. At least one city has used ALPRs to do a little repo work of its own—the New Haven, Conn., tax collector's office has used mobile cameras to hunt down and tow the vehicles of thousands of citizens who owe back taxes.

Over the past decade, vast networks of police surveillance cameras have also been trained on pedestrians in cities such as New York City, Baltimore, Detroit, and Long Beach, Calif. Currently many systems use video analytics to automatically alert authorities to suspicious movement or behavior. But recent improvements in the technology of facial recognition at a distance means that it won't be long before surveillance cameras will be able to ID faces as easily as they do license plates. And law enforcement facial-recognition databases are already under development. As part of its $1 billion Next Generation Identification system, the FBI is currently testing facial- recognition technology in Michigan and expects the system to be operational by 2014.

As large databases that profile the movements of private citizens build up with little oversight, it is difficult to know whether these systems are being abused. But evidence collected from law enforcement databases that are monitored shows that, even though the vast majority of police officers use the technology for legitimate purposes, there are always a few rule-bending cops willing to use these tools for illicit ends. In 2010 rookie LAPD officer Gabriel Morales printed out information on witnesses in a murder trial from the California Law Enforcement Telecommunications System and gave the information to his girlfriend's father—whose son happened to be the defendant. In 2009 Cincinnati police officer Barry Carr used the computer in his police cruiser to look up information on a woman he was attracted to, then proceeded to pull her car over multiple times and make passes at her. Similar database access outside official duty has been detailed in Las Vegas, Nev., and in Maryland, Michigan, Minnesota, and Oregon. In 2000 the Indiana State Police even suspended the Highland Police Department's access to the FBI's criminal database because of chronic misuse.

And police have not been shy about tracking citizens with the technologies already available to them. In an August 2011 review of 230 nationwide police departments, the ACLU found that virtually all track citizens' cellphones, yet only a tiny minority consistently demonstrated probable cause before doing so. Police training materials prepared by California prosecutors in 2010 advised officers on "how to get the good stuff," adding that today, "subtler and more far- reaching means of invading privacy have become available to the government." Sprint's electronic surveillance manager mentioned at a 2009 industry conference that the company had provided police with 8 million location data points in one 13-month span—enough that they simply set up a dedicated website for police to access tracking information from their desks.

Advertisement - Continue Reading Below

Advertisement - Continue Reading Below

Surveillance State: Who's Spying on You?

>

But for all the sophisticated technology available to government, no one has greater access to the intimate details of your life than the private companies you do business with every day. "We leave a lot of our digital detritus with phone companies, Internet service providers, e-commerce sites—about who we are, what we do, whom we associate with," says Mark Rasch, former head of the Department of Justice's computer crime unit and now director of cyber security and privacy consulting at CSC. "Because no legal paradigm exists to oversee it, the assumption is that your data belongs to whomever collected it."

By now most Internet users are aware of the cookies that track their movements online, but the scope and depth of the information gathering still has the power to astound. Using the Firefox plug-in Collusion, which monitors online tracking, PM conducted a simple experiment, surfing popular websites to shop for children's toys and research a trip from New York City to Orlando, Fla. We visited just five sites, yet our browsing information was shared with more than 30 data-tracking and -aggregation firms with names such as BlueKai, AppNexus, Atlas, and Collective Media.

Advertisement - Continue Reading Below

And the tracking continues when you shut down your computer. Facebook recently allowed data-mining firm Datalogix to combine personal information from the social network's users with the real-world information Datalogix collects from brick-and-mortar stores—so Facebook users could be tracked offline.

Verizon came under fire last year for gathering a mountain of app, browsing, and location information from its customers and selling it to marketers. "We're able to view just everything that they do," Bill Diggins, a Verizon Wireless marketing executive told a business intelligence conference last May. "Data is the new oil."

Most of the time the data collected by our devices on behalf of companies we do business with is used to refine ever-more-efficient marketing efforts. But sometimes personal devices are hijacked for more dubious business reasons.

In 2010 Brian and Crystal Byrd found out just how far a company was willing to go to peer into the private lives of its customers. In July of that year the couple signed a rent-to-own agreement for a Dell Inspiron 14 laptop with the local branch of the Aaron's leasing empire in Casper, Wyo. The couple had agreed to pay off the computer by Nov. 15 of that year; the Byrds beat that time frame and paid the final installment on Oct. 1, 2010.

Advertisement - Continue Reading Below

Advertisement - Continue Reading Below

Due to an administrative error, Aaron's never logged the final payment. So on Nov. 16, believing the Byrds were in arrears, store employees activated snooping software, called PC Rental Agent, installed on the computer. Created by Pennsylvania firm Designer Ware, PC Rental Agent includes a Detective Mode that allows operators to remotely access, monitor, and intercept keystrokes and electronic communications. That includes the user names and passwords for email accounts, social networking sites, and online banking, as well as Social Security numbers and medical records.

Ostensibly intended as a long-distance kill switch for stolen hardware, PC Rental Agent also grants third-party control of the computer's camera: "When activated, Detective Mode can cause a computer's webcam to surrepti tiously photograph not only the computer user, but also anyone else within view of the camera," the Federal Trade Commission (FTC) explained in a sweeping 2012 lawsuit against DesignerWare, Aaron's, and five other companies that installed the software on rental computers. "[These] webcam activations have taken pictures of children, individuals not fully clothed, and couples engaged in sexual activities." Worldwide, the seven companies had installed the software on more than 400,000 computers.

The program ran on the Byrds' computer for more than a month, with outsiders accessing the couple's Dell almost 350 times. In December store manager Christopher Mendoza came to the Byrds' home to repossess the computer—and presented, as evidence that it was still in use, a webcam photograph of Brian lounging on the brown leather couch in his living room. "It feels like we were pretty much invaded, like somebody else was in our house," Byrd told the Associated Press. (Due to a pending lawsuit, the couple declined an interview with PM.) "It's a weird feeling. I can't really describe it. I had to sit down for a minute after he showed me that picture."

Advertisement - Continue Reading Below

With privacy laws so vague, the government responds to only the most egregious violations. Outright digital harassment is illegal in most states. But that only discourages those who follow the law in the first place. For online assailants who believe they are beyond the reach of legal reprisal, there's always karma. That's what happened to Stephen (not the minor's real name), the 13-year-old gamer who boasted about his takedown of Tyler Yagerhofer by posting the 911 transcript on the hacker code-sharing site Pastebin a week after the incident. Less than a month later the prank hit his own northern Michigan home shortly after he played Gears of War. Local police heard from an unidentified caller that a hostage situation was in progress and they sent police to Stephen's address. Even now it's difficult to discern if the teenager learned his lesson. "My mom was flipping out," he wrote on another hacker forum after the event. "Hahaha, very funny."

A Part of Hearst Digital Media
Popular Mechanics participates in various affiliate marketing programs, which means we may get paid commissions on editorially chosen products purchased through our links to retailer sites.